github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-19 18:01:01 +00:00
Code Issues Projects Releases Wiki Activity

tests: k8s: k8s-pid-ns.bats auto-generated policy

Browse Source 
Auto-generate policy for k8s-pid-ns.bats.

Fixes: #9249

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
This commit is contained in:
Dan Mihai 2024-02-14 20:16:01 +00:00
parent a116b252c8
commit e8c2a45ce0
1 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
tests/integration/kubernetes/k8s-pid-ns.bats
View File

@ -14,25 +14,36 @@ setup() {
second_container_name="second-test-container"
get_pod_config_dir
test_yaml_file="${pod_config_dir}/pid-ns-busybox-pod.yaml"
cp "$pod_config_dir/busybox-pod.yaml" "${test_yaml_file}"
policy_settings_dir="$(create_tmp_policy_settings_dir "${pod_config_dir}")"
ps_command="ps"
add_exec_to_policy_settings "${policy_settings_dir}" "${ps_command}"
add_requests_to_policy_settings "${policy_settings_dir}" "ReadStreamRequest"
auto_generate_policy "${policy_settings_dir}" "${test_yaml_file}"
}
@test "Check PID namespaces" {
# Create the pod
kubectl create -f "${pod_config_dir}/busybox-pod.yaml"
kubectl create -f "${test_yaml_file}"
# Check pod creation
kubectl wait --for=condition=Ready --timeout=$timeout pod $pod_name
# Check PID from first container
first_pid_container=$(kubectl exec $pod_name -c $first_container_name \
-- ps | grep "/pause")
-- $ps_command | grep "/pause")
# Verify that is not empty
check_first_pid=$(echo $first_pid_container | wc -l)
[ "$check_first_pid" == "1" ]
# Check PID from second container
second_pid_container=$(kubectl exec $pod_name -c $second_container_name \
-- ps | grep "/pause")
-- $ps_command | grep "/pause")
# Verify that is not empty
check_second_pid=$(echo $second_pid_container | wc -l)
[ "$check_second_pid" == "1" ]
@ -45,4 +56,7 @@ teardown() {
kubectl describe "pod/$pod_name"
kubectl delete pod "$pod_name"
rm "${test_yaml_file}"
delete_tmp_policy_settings_dir "${policy_settings_dir}"
}